diff options
Diffstat (limited to 'docs/hazmat/primitives')
-rw-r--r-- | docs/hazmat/primitives/asymmetric/index.rst | 2 | ||||
-rw-r--r-- | docs/hazmat/primitives/asymmetric/padding.rst | 15 | ||||
-rw-r--r-- | docs/hazmat/primitives/cryptographic-hashes.rst | 4 | ||||
-rw-r--r-- | docs/hazmat/primitives/hmac.rst | 2 | ||||
-rw-r--r-- | docs/hazmat/primitives/interfaces.rst | 10 | ||||
-rw-r--r-- | docs/hazmat/primitives/key-derivation-functions.rst | 2 | ||||
-rw-r--r-- | docs/hazmat/primitives/symmetric-encryption.rst | 6 | ||||
-rw-r--r-- | docs/hazmat/primitives/twofactor.rst | 4 |
8 files changed, 29 insertions, 16 deletions
diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst index 10319fad..7ec1c5f2 100644 --- a/docs/hazmat/primitives/asymmetric/index.rst +++ b/docs/hazmat/primitives/asymmetric/index.rst @@ -1,6 +1,6 @@ .. hazmat:: -Asymmetric Algorithms +Asymmetric algorithms ===================== .. toctree:: diff --git a/docs/hazmat/primitives/asymmetric/padding.rst b/docs/hazmat/primitives/asymmetric/padding.rst index 8a034329..2a5de3c7 100644 --- a/docs/hazmat/primitives/asymmetric/padding.rst +++ b/docs/hazmat/primitives/asymmetric/padding.rst @@ -10,6 +10,17 @@ Padding correct padding signatures can be forged, messages decrypted, and private keys compromised. +.. class:: PSS(mgf) + + .. versionadded:: 0.3 + + PSS (Probabilistic Signature Scheme) is a signature scheme defined in + :rfc:`3447`. It is more complex than PKCS1 but possesses a `security proof`_. + This is the `recommended padding algorithm`_ for RSA signatures. + + :param mgf: A mask generation function object. At this time the only + supported MGF is :class:`MGF1`. + .. class:: PKCS1v15() .. versionadded:: 0.3 @@ -17,7 +28,7 @@ Padding PKCS1 v1.5 (also known as simply PKCS1) is a simple padding scheme developed for use with RSA keys. It is defined in :rfc:`3447`. -Mask Generation Functions +Mask generation functions ~~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: MGF1(algorithm, salt_length) @@ -41,3 +52,5 @@ Mask Generation Functions .. _`Padding is critical`: http://rdist.root.org/2009/10/06/why-rsa-encryption-padding-is-critical/ +.. _`security proof`: http://eprint.iacr.org/2001/062.pdf +.. _`recommended padding algorithm`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html diff --git a/docs/hazmat/primitives/cryptographic-hashes.rst b/docs/hazmat/primitives/cryptographic-hashes.rst index b7eee2f5..c318feeb 100644 --- a/docs/hazmat/primitives/cryptographic-hashes.rst +++ b/docs/hazmat/primitives/cryptographic-hashes.rst @@ -1,6 +1,6 @@ .. hazmat:: -Message Digests +Message digests =============== .. currentmodule:: cryptography.hazmat.primitives.hashes @@ -90,7 +90,7 @@ SHA-1 SHA-1 is a cryptographic hash function standardized by NIST. It produces an 160-bit message digest. -SHA-2 Family +SHA-2 family ~~~~~~~~~~~~ .. class:: SHA224() diff --git a/docs/hazmat/primitives/hmac.rst b/docs/hazmat/primitives/hmac.rst index ce4e8803..5d511bc4 100644 --- a/docs/hazmat/primitives/hmac.rst +++ b/docs/hazmat/primitives/hmac.rst @@ -1,6 +1,6 @@ .. hazmat:: -Hash-based Message Authentication Codes +Hash-based message authentication codes ======================================= .. currentmodule:: cryptography.hazmat.primitives.hmac diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst index cefd81ac..9a1f3307 100644 --- a/docs/hazmat/primitives/interfaces.rst +++ b/docs/hazmat/primitives/interfaces.rst @@ -12,7 +12,7 @@ to document argument and return types. .. _`Abstract Base Classes`: http://docs.python.org/3.2/library/abc.html -Symmetric Ciphers +Symmetric ciphers ~~~~~~~~~~~~~~~~~ .. currentmodule:: cryptography.hazmat.primitives.interfaces @@ -47,7 +47,7 @@ Symmetric Ciphers The number of bits in a block. -Cipher Modes +Cipher modes ------------ Interfaces used by the symmetric cipher modes described in @@ -103,7 +103,7 @@ Interfaces used by the symmetric cipher modes described in Exact requirements of the nonce are described by the documentation of individual modes. -Asymmetric Interfaces +Asymmetric interfaces ~~~~~~~~~~~~~~~~~~~~~ .. class:: RSAPrivateKey @@ -377,7 +377,7 @@ Asymmetric Interfaces .. attribute:: name -Hash Algorithms +Hash algorithms ~~~~~~~~~~~~~~~ .. class:: HashAlgorithm @@ -402,7 +402,7 @@ Hash Algorithms The internal block size of the hash algorithm in bytes. -Key Derivation Functions +Key derivation functions ~~~~~~~~~~~~~~~~~~~~~~~~ .. class:: KeyDerivationFunction diff --git a/docs/hazmat/primitives/key-derivation-functions.rst b/docs/hazmat/primitives/key-derivation-functions.rst index 174b68d2..6196d951 100644 --- a/docs/hazmat/primitives/key-derivation-functions.rst +++ b/docs/hazmat/primitives/key-derivation-functions.rst @@ -1,6 +1,6 @@ .. hazmat:: -Key Derivation Functions +Key derivation functions ======================== .. currentmodule:: cryptography.hazmat.primitives.kdf diff --git a/docs/hazmat/primitives/symmetric-encryption.rst b/docs/hazmat/primitives/symmetric-encryption.rst index 71a1064e..f7e8d5b7 100644 --- a/docs/hazmat/primitives/symmetric-encryption.rst +++ b/docs/hazmat/primitives/symmetric-encryption.rst @@ -1,7 +1,7 @@ .. hazmat:: /fernet -Symmetric Encryption +Symmetric encryption ==================== .. currentmodule:: cryptography.hazmat.primitives.ciphers @@ -130,7 +130,7 @@ Algorithms :param bytes key: The secret key, This must be kept secret. 40 to 128 bits in length in increments of 8 bits. -Weak Ciphers +Weak ciphers ------------ .. warning:: @@ -372,7 +372,7 @@ Modes a secret message! -Insecure Modes +Insecure modes -------------- .. warning:: diff --git a/docs/hazmat/primitives/twofactor.rst b/docs/hazmat/primitives/twofactor.rst index 124d0ef5..e9f5c7ff 100644 --- a/docs/hazmat/primitives/twofactor.rst +++ b/docs/hazmat/primitives/twofactor.rst @@ -1,6 +1,6 @@ .. hazmat:: -Two-factor Authentication +Two-factor authentication ========================= .. currentmodule:: cryptography.hazmat.primitives.twofactor @@ -79,7 +79,7 @@ locks out the account for a period of time after a number of failed attempts. The number of allowed attempts should be as low as possible while still ensuring that usability is not significantly impacted. -Re-synchronization of the Counter +Re-synchronization of the counter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The server's counter value should only be incremented on a successful HOTP |